From: Marcel Holtmann <marcel@holtmann.org>
To: netdev@vger.kernel.org
Cc: stable@kernel.org
Subject: Fix SO_ORIGINAL_DST information leak (CVE-2006-1343)
Date: Fri, 26 May 2006 13:50:46 +0200
Message-ID: <1148644246.21881.7.camel@localhost>

[-- Attachment #1: Type: text/plain, Size: 295 bytes --]

Hi,

the fix for CVE-2006-1343 (information leak) never made it upstream:

http://marc.theaimsgroup.com/?l=linux-netdev&m=114148078223594&w=2

So here it is again against the latest git repository and with the
additional line in net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c.

Regards

Marcel


[-- Attachment #2: patch --]
[-- Type: text/plain, Size: 1853 bytes --]

[PATCH] Fix small information leak in SO_ORIGINAL_DST

It appears that sockaddr_in.sin_zero is not zeroed during
getsockopt(...SO_ORIGINAL_DST...) operation. This can lead
to an information leak (CVE-2006-1343).

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

---
commit 8b9b62a6bb6c5488fd094d97216787e191721a15
tree fac8f79c318f37d4cb6795e540b77be61c9d1f5d
parent 705af309505681f197f81618440954d10f120dc0
author Marcel Holtmann <marcel@holtmann.org> Fri, 26 May 2006 13:45:42 +0200
committer Marcel Holtmann <marcel@holtmann.org> Fri, 26 May 2006 13:45:42 +0200

 net/ipv4/netfilter/ip_conntrack_core.c         |    1 +
 net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c |    1 +
 2 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c
index 979a2ea..a297da7 100644
--- a/net/ipv4/netfilter/ip_conntrack_core.c
+++ b/net/ipv4/netfilter/ip_conntrack_core.c
@@ -1318,6 +1318,7 @@ getorigdst(struct sock *sk, int optval, 
 			.tuple.dst.u.tcp.port;
 		sin.sin_addr.s_addr = ct->tuplehash[IP_CT_DIR_ORIGINAL]
 			.tuple.dst.ip;
+		memset(sin.sin_zero, 0, sizeof(sin.sin_zero));
 
 		DEBUGP("SO_ORIGINAL_DST: %u.%u.%u.%u %u\n",
 		       NIPQUAD(sin.sin_addr.s_addr), ntohs(sin.sin_port));
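
Review bot: the added memset after the sin_addr assignment clears only sin.sin_zero, so the fix still relies on every other byte of sin being written by the individual assignments around it. Clearing the whole structure once before the first assignment, e.g. memset(&sin, 0, sizeof(sin)), would cover sin_zero as well as anything the member-by-member assignments miss, and would not need revisiting if the structure's layout ever differs.
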
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
index 5bc9f64..77d9744 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
@@ -348,6 +348,7 @@ getorigdst(struct sock *sk, int optval, 
 			.tuple.dst.u.tcp.port;
 		sin.sin_addr.s_addr = ct->tuplehash[IP_CT_DIR_ORIGINAL]
 			.tuple.dst.u3.ip;
+		memset(sin.sin_zero, 0, sizeof(sin.sin_zero));
 
 		DEBUGP("SO_ORIGINAL_DST: %u.%u.%u.%u %u\n",
 		       NIPQUAD(sin.sin_addr.s_addr), ntohs(sin.sin_port));
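
Review bot: this is the same one-line change applied to a second copy of getorigdst, and the cover note says this file was the part missing from the earlier submission, yet the commit message does not say that two copies exist. Please name both ip_conntrack_core.c and nf_conntrack_l3proto_ipv4.c in the commit message so that anyone backporting to stable knows to check for both copies; the only visible difference between the two hunks is .tuple.dst.ip versus .tuple.dst.u3.ip.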

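The leak described in the commit message, modelled in userspace as an added example (not part of the patch or of the kernel source). The helper names, the 0xAA marker and the sample address are constructed for illustration, and a Linux `struct sockaddr_in` layout is assumed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xAA /* constructed marker standing in for old stack contents */

/* Userspace stand-in for the getorigdst() lines in the patch: the reply is
 * filled member by member. zero_padding selects the patched behaviour.
 * Setting sin_family here is an assumption; it is not in the visible hunk. */
static void fill_origdst(struct sockaddr_in *sin, uint32_t ip_be,
                         uint16_t port_be, int zero_padding)
{
    sin->sin_family = AF_INET;
    sin->sin_port = port_be;
    sin->sin_addr.s_addr = ip_be;
    if (zero_padding)
        memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
}

/* Number of bytes in the buffer handed to the caller that still hold the
 * stale marker, i.e. bytes the assignments never overwrote. */
static size_t stale_bytes_in_reply(int zero_padding)
{
    struct sockaddr_in sin;
    unsigned char out[sizeof(sin)];
    size_t i, n = 0;

    memset(&sin, STALE, sizeof(sin));   /* simulate a dirty stack slot */
    /* 192.0.2.1:80 is a constructed sample destination */
    fill_origdst(&sin, htonl(0xC0000201), htons(80), zero_padding);
    memcpy(out, &sin, sizeof(sin));     /* stands in for the copy to userspace */
    for (i = 0; i < sizeof(out); i++)
        if (out[i] == STALE)
            n++;
    return n;
}

int main(void)
{
    printf("without memset: %zu stale bytes\n", stale_bytes_in_reply(0));
    printf("with memset:    %zu stale bytes\n", stale_bytes_in_reply(1));
    return 0;
}
```
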